
Overview

The Entity Behavior dashboard provides a high-level overview of the riskiest entities in your organization. This page displays metrics including the total number of entities tracked and entities by criticality (critical, high, medium, low). There is also a widget that shows the total number of alerts over time.

The top part of the Overview area displays the following widgets:

| Name | Description |
|---|---|
| Entities Tracked (Last 7 days) | The number of entities that have risk associated with them over the last 7 days, divided by criticality. |
| Entities Tracked (Last 24 hours) | The number of entities that have risk associated with them over the last 24 hours. |
| Number of Alerts Over Time | Graphical display of the SecOps and behavior alerts that have triggered over the last 30 days. This helps you get a high-level understanding of your organization’s environment. |


Detailed behavior

At the bottom of the page there are seven different widgets. These lists should be used to quickly identify risky entities. In order to choose which entity to investigate first, either drill into the critical entities flagged by the application or choose a Top User/Device/Domain with a high risk score.


| Name | Description |
|---|---|
| Notable Entities | A list of entities that need specific attention to ensure no further malicious behavior. Entities marked as favorite will appear in this list. |
| Top 10 Users (Last 7 days) | A list of the riskiest users in your organization based on cumulative risk. |
| Top 10 Devices (Last 7 days) | A list of the riskiest devices in your organization based on cumulative risk. |
| Top 10 Domains (Last 7 days) | A list of the riskiest domains your organization has interacted with, based on cumulative risk. This can include phishing links, DGAs, and other malicious domains seen in your network traffic. |
| Top Unique Alert Count (Last 7 days) | The top 10 entities with the highest unique alert count over the last 7 days. |
| Top Tactic Count (Last 7 days) | The top 10 entities with the highest number of unique tactics over the last 7 days. |
| Top Technique Count (Last 7 days) | The top 10 entities with the highest number of unique techniques over the last 7 days. |

Search for entities

There is an Entity Search box at the top of every page. Type a few characters and matching entities will be shown in a list below as you type. Clicking an entity name in the results navigates to the Entity Details page for that entity.
